Vulnerabilities > Hcltech
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-29 | CVE-2022-27558 | Weak Password Requirements vulnerability in Hcltech Domino and HCL Inotes HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. | 7.5 |
2022-07-19 | CVE-2022-27544 | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may see SMTP credentials in clear text. | 6.5 |
2022-07-19 | CVE-2022-27545 | Cross-site Scripting vulnerability in Hcltech Bigfix Platform BigFix Web Reports authorized users may perform HTML injection for the email administrative configuration page. | 5.4 |
2022-06-09 | CVE-2021-27786 | Incorrect Comparison vulnerability in Hcltech Onetest Server 10.0/10.1/10.2 Cross-origin resource sharing (CORS) enables browsers to perform cross domain requests in a controlled manner. | 9.8 |
2022-06-01 | CVE-2021-27778 | Cross-site Scripting vulnerability in Hcltech Traveler 10.0.0.0/12.0.1.0 HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. | 4.8 |
2022-05-27 | CVE-2021-27780 | Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. | 5.3 |
2022-05-27 | CVE-2021-27781 | Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. | 4.8 |
2022-05-25 | CVE-2021-27779 | Missing Encryption of Sensitive Data vulnerability in Hcltech Versionvault Express 2.0.1 VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server. | 9.1 |
2022-05-25 | CVE-2021-27783 | Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed. | 6.5 |
2022-05-19 | CVE-2020-4107 | Unspecified vulnerability in Hcltech Domino 10.0/11.0/9.0 HCL Domino is affected by an Insufficient Access Control vulnerability. | 7.8 |